Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: ISS issues bug disclosure guidelines
From: "SynRak" <synrak () hotmail com>
Date: Wed, 4 Dec 2002 16:58:20 -0500

I think a simple solution would be for everyone to give me their 0day code
and I will worry about who ends up with it :)

----- Original Message -----
From: "Georgi Guninski" <guninski () guninski com>
To: "Richard M. Smith" <rms () computerbytesman com>
Cc: <full-disclosure () lists netsys com>
Sent: Tuesday, December 03, 2002 5:16 AM
Subject: Re: [Full-disclosure] ISS issues bug disclosure guidelines


lol
Personally don't care about ISS's guidelines. Of course they can do
whatever
they wish with their 0days.
*My* 0days are another topic. For them I care about applicable laws where
I live
(and of course as this list shows, there are ways to post quite
anonymously).
And this guideline:
http://lists.netsys.com/pipermail/full-disclosure/2002-August/000822.html
Is much more apealing to me.

So after the responsibility rfc got busted, they are fighting at corporate
ground, lol?

I am thinking about making entities on my black list (microsoft,
securityfocus,
mitre, cert) beg for 0days in any form.

The idea is making a license agreement/non-disclosure agreement in the
publication/code which makes them not eligible to read/use the
intellectual
property at all. A lawyer said this approach is legal (of course it is
difficult
to enforce). In addition encoding like ROT13 may be used to prevent them
from
reverse engineering the IP (cough cough DMCA) :). There are several
precedents
of high profile code which forbids including in sf's vuln db.

Has anyone tried something like the above or has advice?

Georgi Guninski
http://www.guninski.com


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault